Update query to a MYSQL database is the death of me

cardoso
Forum Newbie
Posts: 1
Joined: Mon Sep 29, 2008 9:41 am

Post by cardoso »

Hi all,

I'm new to this forum... *wave*

I have had a problem for the past month that has caused some of my hair to grow white faster. At first I had this big complicated page that did fancy stuff.... but at the heart of it was a simple update query that should update a mysql db record. I have now stripped everything down to only the form and the query and I'm still getting the error.

It seems as though if the word "from" or "select" is used in the textarea (my content), my query breaks down and it doesn't write to the db. If I remove those words from the text... it writes to the db.

I've checked the error log and it doesn't help much.

Here's the query:

$content = $_POST['content'];
$id = $_POST['id'];
//update database
$query = "UPDATE articles SET content = '$content' WHERE id = '$id'";

I've also tried adding mysql_real_escape_string around content like this....
$content = mysql_real_escape_string($_POST['content']);

and the thing is... there isn't one single or double quote in the entire content text causing this issue.

Can anybody help? My client is getting ready to run :-(

Thanks in advance

Nelson
The_Anomaly
Forum Contributor
Posts: 196
Joined: Fri Aug 08, 2008 4:56 pm
Location: Tirana, Albania

Re: Update query to a MYSQL database is the death of me

Post by The_Anomaly »

At the moment I don't have the time to really look at this, but you really should be escaping your data whether you feel like it'll fix your problem or not. You spoke of escaping the $_POST['content'], but not the $_POST['id']. Not doing so is simply begging for someone to crack you.
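An added example, not part of the original posts: the same UPDATE written with PDO bound parameters, so both `content` and `id` reach the database as data and words like "select" or "from" in the text cannot change the statement. The `updateArticle` helper, the in-memory SQLite database standing in for MySQL, and the sample `$post` array are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the MySQL server; for MySQL only
// the DSN changes (mysql:host=...;dbname=...;charset=utf8mb4).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // SQL errors throw instead of failing silently
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, content TEXT)');
$pdo->exec("INSERT INTO articles (id, content) VALUES (7, 'old text')");

// Hypothetical helper: update one article; returns the number of rows changed.
function updateArticle(PDO $pdo, array $post): int
{
    // The id must be a positive integer; anything else is rejected before it reaches SQL.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $pdo->prepare('UPDATE articles SET content = :content WHERE id = :id');
    $stmt->bindValue(':content', (string) ($post['content'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed stand-in for $_POST: the content holds SQL keywords and both quote types.
$post = ['id' => '7', 'content' => "Select the best seats from the list; it's \"free\""];
$changed = updateArticle($pdo, $post);
$stored = $pdo->query('SELECT content FROM articles WHERE id = 7')->fetchColumn();
var_dump($changed === 1, $stored === $post['content']);

// An id that is not a plain integer never reaches the query.
try {
    updateArticle($pdo, ['id' => '7 OR 1=1', 'content' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

With exceptions enabled, a failed statement surfaces its database error at the call site rather than leaving only a row that was never written.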